
Simplify Audits With Automated Evidence Collection

New Product Release: GitHub Integration | Automated Evidence Collection for Code Change Control

Tugboat Logic is proud to announce the availability of our latest feature, GitHub Integration: automated evidence collection for code change control, for external audits like SOC 2, ISO 27001 and more.

Why You Need Tugboat Logic’s GitHub Integration

A best practice security control recommended by NIST, SOC 2 and ISO 27001 is to conduct a code review for each release to production to ensure security and quality.

Given the frequency of code releases, manually collecting the evidence to show this task has been completed can be a burden. So Tugboat Logic has created an automated method for collecting this evidence through an integration with GitHub Cloud.

Tugboat Logic GitHub Integration for Automated Collection of Code Change Control Evidence

How Automated Evidence Collection Works

The Tugboat Logic GitHub integration automates evidence collection by gathering code review data from your GitHub cloud instance as proof that you are following proper change controls with every code release.

This information will be stored in the “Evidence” page under “Code Change Control Evidence”. This evidence can then be used during third-party audits (e.g. SOC 2, ISO 27001) by linking it to Evidence Requests on the “Certifications Projects” page.

Note that the Automated Evidence Collection feature is best used when your organization has adopted a process where your GitHub repositories enforce pull requests with required reviews on production branches, where reviewers check for common security and quality issues.

 

Sample Pull Request from GitHub

Want to Get Started?

Interested in automating evidence collection for your next audit? Please click here for a free trial.